IEEE 802.11w-2009

IEEE 802.11w-2009 is an approved amendment to the IEEE 802.11 standard to increase the security of its management frames.

Protected Management Frames

The current 802.11 standard defines "frame" types for use in the management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. TGw is working on improving the IEEE 802.11 Medium Access Control layer. The objective is to increase security by providing data confidentiality of management frames and mechanisms that enable data integrity, data origin authenticity, and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u.

Info on PMF

Class of Management Frames

Class 1:

Class 2:

Class 3:

Which frames are Not protected

It is infeasible to protect frames sent before the four-way handshake, because they are sent prior to key establishment.

– Any Management frame that is sent before key establishment is infeasible to protect

– The Management Frames, which are sent after key establishment, can be protected

Which frames are protected (PMF)

Protection-capable management frames are those sent after key establishment that can be protected using the existing protection key hierarchy in 802.11 and its amendments. Only TKIP/AES frames are protected; WEP/open frames are not protected.

Protection-capable Management Frames are protected by the same cipher suite as an ordinary Data MPDU.

Replay Protection


The 802.11w standard is implemented in Linux and the BSDs as part of the 80211mac driver code base, which is used by several wireless driver interfaces, such as ath9k. The feature is easily enabled in most recent kernels and Linux OSes using these combinations. OpenWrt in particular provides an easy toggle as part of the base distribution. The feature was implemented for the first time in Microsoft operating systems in Windows 8. This has caused a number of compatibility issues, particularly with wireless access points that are not compatible with the standard. Rolling back the wireless adapter driver to one from Windows 7 usually fixes the issue.

Wireless LANs send system management information in unprotected frames, which makes them vulnerable. This standard protects against network disruption caused by malicious systems that forge disassociation requests that appear to be sent by valid equipment.[1]
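The check a monitoring sensor can make for the forged disassociation case described above, as an added example that is not part of the original article: it reads the Frame Control field of captured disassociation and deauthentication frames and flags unprotected ones on links known to use PMF. The MAC addresses, the `pmf_peers` table and the sample frames are constructed for illustration, and group-addressed frames are left out of scope.

```python
import struct

DISASSOC, DEAUTH = 10, 12   # management frame subtypes
PROTECTED = 0x4000          # Protected Frame bit of the Frame Control field

# Constructed addresses (locally administered), not taken from any capture.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
OTHER = bytes.fromhex("020000000003")
BCAST = b"\xff" * 6

def classify(frame: bytes, pmf_peers: set) -> str:
    """Classify one raw 802.11 frame (no radiotap header).

    pmf_peers is an assumed table of frozenset({mac_a, mac_b}) pairs for
    links on which PMF is known to be in use after key establishment.
    """
    if len(frame) < 24:                       # management header is 24 bytes
        return "ignore"
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DISASSOC, DEAUTH):
        return "ignore"
    dst, src = frame[4:10], frame[10:16]      # Address 1, Address 2
    if dst[0] & 0x01:                         # group-addressed: out of scope
        return "skip-group"
    if frozenset((dst, src)) not in pmf_peers:
        return "no-pmf"                       # forgery cannot be ruled out
    # A set bit only means the frame claims protection; the receiver still
    # has to decrypt and verify it with the pairwise key.
    return "protected" if fc & PROTECTED else "alert-unprotected"

def build(subtype: int, protected: bool, dst: bytes, src: bytes) -> bytes:
    """Build a constructed sample frame: header plus placeholder body."""
    fc = (subtype << 4) | (PROTECTED if protected else 0)
    header = struct.pack("<HH", fc, 0) + dst + src + AP + b"\x00\x00"
    return header + b"\x07\x00"               # placeholder 2-byte body

if __name__ == "__main__":
    peers = {frozenset((AP, STA))}
    samples = [("deauth, clear", build(DEAUTH, False, STA, AP)),
               ("disassoc, protected", build(DISASSOC, True, AP, STA)),
               ("deauth, broadcast", build(DEAUTH, False, BCAST, AP)),
               ("deauth, non-PMF peer", build(DEAUTH, False, OTHER, AP))]
    for label, frame in samples:
        print(f"{label:22s} -> {classify(frame, peers)}")
```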


We finally see some encryption for management frames, which has been desired for a long time. With the requirement for WFA certification of PMF for 11n, 11ac and Passpoint, we should be able to set this feature to optional; the required/mandatory flag can only be used if client support is assured. It may be a rare case, but some hackers use disassociation attacks to move clients to their own AP, which can now be prevented. An attacker can still send channel switch announcements to steer clients to his AP and, of course, as soon as an attacker is connected to the network with PMF, he or she is able to perform attacks with protected frames as well. So the remaining ways to disturb client connections/transmissions without a network connection are RF jamming and CTS control frames with long reservation times.



This article is issued from Wikipedia - version of the 2/10/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.